Track Common Adversary Tasks Performed Using BackConfig

To know more about it, you can go through my detailed document by clicking here

Overview

BackConfig is a trojan with a flexible plugin architecture that has been used by the Patchwork APT group. It is a complex tool, generally deployed against high-value targets in the South Asian region.

How Does It Work?

This malware generally spreads through spear-phishing emails whose lure content is crafted to match the target's interests; once the target is tricked into opening the lure, the system is infected with BackConfig. Recently, a combination of text files and batch scripts was used to eventually download the BackConfig payload from a remote URL. Once installed, the malware can gather system information, download additional payloads, log keystrokes, and so on, and use the collected data for the attackers' purposes.

Impact

Information theft and exposure of sensitive data are the major impacts of a BackConfig infection.

Prevention

The following steps might help in mitigating this malware:
  • Block all threat indicators at your respective controls.
  • Always be wary of emails sent by an unknown sender.
  • Don't click on links or open attachments sent by an unknown sender.

